CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-28077

A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports of devices that are exposed. By using special usernames and special characters (such as half parentheses or square brackets), one can call the login interface and cause the session-management program to crash, resulting in customers being unable to log into their devices. This affects MT6000 4.5.6, XE3000 4.4.5, X3000 4.4.6, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-V2 4.3.10, and XE300 4.3.16.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 42.0%

CVSS Severity

CVSS v3 Score 7.5

References

Products affected by CVE-2024-28077

Gl-Inet » A1300 » Version: N/A

cpe:2.3:h:gl-inet:a1300:-
Gl-Inet » Ar300m16 » Version: N/A

cpe:2.3:h:gl-inet:ar300m16:-
Gl-Inet » Ar300m » Version: N/A

cpe:2.3:h:gl-inet:ar300m:-
Gl-Inet » Ar750 » Version: N/A

cpe:2.3:h:gl-inet:ar750:-
Gl-Inet » Ar750s » Version: N/A

cpe:2.3:h:gl-inet:ar750s:-
Gl-Inet » Ax1800 » Version: N/A

cpe:2.3:h:gl-inet:ax1800:-
Gl-Inet » Axt1800 » Version: N/A

cpe:2.3:h:gl-inet:axt1800:-
Gl-Inet » B1300 » Version: N/A

cpe:2.3:h:gl-inet:b1300:-
Gl-Inet » Mt1300 » Version: N/A

cpe:2.3:h:gl-inet:mt1300:-
Gl-Inet » Mt2500 » Version: N/A

cpe:2.3:h:gl-inet:mt2500:-
Gl-Inet » Mt3000 » Version: N/A

cpe:2.3:h:gl-inet:mt3000:-
Gl-Inet » Mt300n-V2 » Version: N/A

cpe:2.3:h:gl-inet:mt300n-v2:-
Gl-Inet » Mt6000 » Version: N/A

cpe:2.3:h:gl-inet:mt6000:-
Gl-Inet » Sft1200 » Version: N/A

cpe:2.3:h:gl-inet:sft1200:-
Gl-Inet » X3000 » Version: N/A

cpe:2.3:h:gl-inet:x3000:-
Gl-Inet » X750 » Version: N/A

cpe:2.3:h:gl-inet:x750:-
Gl-Inet » Xe3000 » Version: N/A

cpe:2.3:h:gl-inet:xe3000:-
Gl-Inet » Xe300 » Version: N/A

cpe:2.3:h:gl-inet:xe300:-
Gl-Inet » A1300 Firmware » Version: 4.5.0

cpe:2.3:o:gl-inet:a1300_firmware:4.5.0
Gl-Inet » Ar300m16 Firmware » Version: 4.3.10

cpe:2.3:o:gl-inet:ar300m16_firmware:4.3.10
Gl-Inet » Ar300m Firmware » Version: 4.3.10

cpe:2.3:o:gl-inet:ar300m_firmware:4.3.10
Gl-Inet » Ar750 Firmware » Version: 4.3.10

cpe:2.3:o:gl-inet:ar750_firmware:4.3.10
Gl-Inet » Ar750s Firmware » Version: 4.3.10

cpe:2.3:o:gl-inet:ar750s_firmware:4.3.10
Gl-Inet » Ax1800 Firmware » Version: 4.5.0

cpe:2.3:o:gl-inet:ax1800_firmware:4.5.0
Gl-Inet » Axt1800 Firmware » Version: 4.5.0

cpe:2.3:o:gl-inet:axt1800_firmware:4.5.0
Gl-Inet » B1300 Firmware » Version: 4.3.10

cpe:2.3:o:gl-inet:b1300_firmware:4.3.10
Gl-Inet » Mt1300 Firmware » Version: 4.3.10

cpe:2.3:o:gl-inet:mt1300_firmware:4.3.10
Gl-Inet » Mt2500 Firmware » Version: 4.5.0

cpe:2.3:o:gl-inet:mt2500_firmware:4.5.0
Gl-Inet » Mt3000 Firmware » Version: 4.5.0

cpe:2.3:o:gl-inet:mt3000_firmware:4.5.0
Gl-Inet » Mt300n-V2 Firmware » Version: 4.3.10

cpe:2.3:o:gl-inet:mt300n-v2_firmware:4.3.10
Gl-Inet » Mt6000 Firmware » Version: 4.5.6

cpe:2.3:o:gl-inet:mt6000_firmware:4.5.6
Gl-Inet » Sft1200 Firmware » Version: 4.3.7

cpe:2.3:o:gl-inet:sft1200_firmware:4.3.7
Gl-Inet » X3000 Firmware » Version: 4.4.6

cpe:2.3:o:gl-inet:x3000_firmware:4.4.6
Gl-Inet » X750 Firmware » Version: 4.3.7

cpe:2.3:o:gl-inet:x750_firmware:4.3.7
Gl-Inet » Xe3000 Firmware » Version: 4.4.4

cpe:2.3:o:gl-inet:xe3000_firmware:4.4.4
Gl-Inet » Xe300 Firmware » Version: 4.3.16

cpe:2.3:o:gl-inet:xe300_firmware:4.3.16

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-28077

Products

Pricing

Contact Us